In order to limit (hopefully avoid) InfoSec risk, we use controls. These can be technical or administrative.
Either way, they will involve humans who need to understand and accept the controls. In general, we may require people to wear seatbelts, pick complex passwords or quit smoking at work. Co-workers will find ways to circumvent controls that they’re not motivated to accept.
Any technocrat can pick the strongest control. A wise leader will consult and motivate his team before implementing it.
Read more about employee disengagement at Sonia Jaspal's RiskBoard.
(some of) my events
- 2018-10-03--05 Operativ informationssäkerhet (teaching course, Stockholm)
- 2018-09-05--07 Strategisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-23--25 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-17 Three Capabilities in a Crisis (guest lecturing at Mid Sweden University, Östersund)
- 2018-05-16 Info.säkerhet är inte "någon annans problem" (lunch seminar at Mid Sweden University, Östersund)